This friend I know is using winrar to encrypt his wallets with fairly long passwords. How secure is winrars password encryption, and what's the next most convenient and more reliable form of file encryption?

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3ZbMail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf

I know this shouldn't matter, but I think it would be weird to protect something so valuable with a program everyone has on their desktop. I am not sure why I feel like it matters to me, but it does, I can't find the logic in it yet.

I know this shouldn't matter, but I think it would be weird to protect something so valuable with a program everyone has on their desktop. I am not sure why I feel like it matters to me, but it does, I can't find the logic in it yet.

I know this shouldn't matter, but I think it would be weird to protect something so valuable with a program everyone has on their desktop. I am not sure why I feel like it matters to me, but it does, I can't find the logic in it yet.

Only annoying part is that you have to create a volume that is big enough, because re-sizing isn't really possible (I've saw somewhere about someone having a 150MB+ wallet.dat file)

I know this shouldn't matter, but I think it would be weird to protect something so valuable with a program everyone has on their desktop. I am not sure why I feel like it matters to me, but it does, I can't find the logic in it yet.

Only annoying part is that you have to create a volume that is big enough, because re-sizing isn't really possible (I've saw somewhere about someone having a 150MB+ wallet.dat file)

This friend I know is using winrar to encrypt his wallets with fairly long passwords. How secure is winrars password encryption, and what's the next most convenient and more reliable form of file encryption?

How long is fairly long? The weak link would be a brute-force attack, and the plausibility of that will directly depend on how many passwords someone would have to try to get to his. There already exists hardware used by law enforcement to brute force WinRAR passwords.http://www.forensic-computers.com/TACC1441.php

I am an employee of Ripple.1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN

7-Zip has 256 bit AES. I'm using that with an 18 char password and storing my wallet completely and permanently offline, so I'm sleeping pretty well at night

Now I just have to fill it with a few BTC haha!

7-Zip uses iterated SHA-256 as its key derivation function. This is weak against hardware brute force attacks. If your password really is 18 randomish characters, you should be fine. If it's one English word with a few digits before or after it, you are theoretically vulnerable to that kind of attack.

On the bright side, you don't really have to worry about someone stealing your wallet today and then breaking it in ten years when the computing power is available to do so. Shortly before the time any encryption scheme you ever used to protect your wallet becomes vulnerable to an attack (due to increasing computing power, a newly-discovered flaw, or whatever), you can simply transfer all your BitCoins to a brand new wallet using an encryption scheme that is stronger.

I am an employee of Ripple.1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN

7-Zip uses iterated SHA-256 as its key derivation function. This is weak against hardware brute force attacks. If your password really is 18 randomish characters, you should be fine. If it's one English word with a few digits before or after it, you are theoretically vulnerable to that kind of attack.

Are you sure? The version I have (Ver 9.20) says AES-256. And yes, 18 random chars.

]7-Zip uses iterated SHA-256 as its key derivation function. This is weak against hardware brute force attacks. If your password really is 18 randomish characters, you should be fine. If it's one English word with a few digits before or after it, you are theoretically vulnerable to that kind of attack.

Are you sure? The version I have (Ver 9.20) says AES-256. And yes, 18 random chars.

An attack would be on the weakest link which is the key derivation, not the encryption.

http://www.7-zip.org/7z.html says:"This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password."

18 random characters is secure for the foreseeable future.

I am an employee of Ripple.1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN